On 13/9/11 12:38 PM, "Brian E Carpenter"
On 2011-09-12 17:55, Michael Newbery wrote:
Well, there is the NIST document, "Guidelines for the Secure Deployment of IPv6"
I have reservations about this document, but it is probably a useful starting point. At least it gets them on the way to understanding what they don't know.
Except that it basically says "block all tunnels unconditionally" which is one of the major operational problems for people whose corporate network doesn't support IPv6. That's a black mark against the NIST, and equivalent US DoD, documents.
Which is the main reason for my reservation. The "I don't understand this, it must be evil!" worldview. I commonly encounter two types of security mindsets: * What do you need to do? How do we make it safe (enough)? * What are you doing? STOP THAT! :) -- Michael Newbery IP Architect TelstraClear Limited TelstraClear. Simple Solutions. Everyday Residential 0508 888 800 Business 0508 555 500 Enterprise & Government 0508 400 300 This email contains information which may be confidential and subject to copyright. If you are not the intended recipient you must not use, distribute or copy this email or attachments. If you have received this email in error please notify us immediately by return email and delete this email and any attachments. TelstraClear Limited accepts no responsibility for changes made to this email or to any attachments after transmission from TelstraClear Limited. It is your responsibility to check this email and any attachments for viruses. Emails are not secure. They can be intercepted, amended, lost or destroyed and may contain viruses. Anyone who communicates with TelstraClear Limited by email is taken to accept these risks.